Product methodology

What AdverseMonitor checks, and what a match means.

This page documents the production workflow behind the free domain scan and paid monitoring profiles. It also states what the result cannot prove.

Last reviewed: July 11, 2026

Short answer

AdverseMonitor compares customer-selected criteria with collected ransomware and dark web threat records. A result is an investigation lead with source evidence. It is not automatic proof that a network was compromised, and it is not a guarantee that every relevant source has been collected.

The production workflow

  1. You define the subject. A monitoring profile can use a company name, domain, industry, country, category, or threat actor. At least one criterion is required.
  2. The platform searches available records. The free scan checks a submitted domain. A monitoring profile can search the current archive and continue checking newly collected records.
  3. You inspect the evidence. A matched record can show the source title, named actor, observed date, category, and source URL when those fields are present.
  4. A person decides what happens next. The record should be validated against the organization, source context, and internal evidence before escalation.

What is matched

Direct identifiers

Company names and domains are the clearest starting points. Spelling, subsidiaries, brands, and shared names can affect the result.

Context filters

Industry, country, category, and threat actor criteria help narrow a monitoring profile. They do not identify a company by themselves.

Matching is not attribution. A name or domain appearing in a source record does not by itself confirm ownership, compromise, authenticity, or current exposure.

Coverage boundaries

  • Sources can disappear, restrict access, change format, or publish incomplete information.
  • A collected record may omit the organization name, domain, actor, date, or original source URL.
  • A missing result means no match was returned from the available data. It does not prove that no exposure exists.
  • AdverseMonitor does not publish a universal collection interval or complete-source coverage claim.
  • The monitoring plans are not penetration testing, vulnerability assessment, incident response, or legal advice.

How to review a result

  1. Confirm that the named company or domain refers to your organization.
  2. Open and preserve the source evidence that is available.
  3. Compare the observed date and source context with internal security events.
  4. Check identity, endpoint, network, and third-party logs before treating the record as confirmed.
  5. Escalate through your incident-response process when the evidence supports it.

Run a free domain scan or read the security controls and API behavior.